Poll: Lack of Protection Leaves Merchants Open to Data Security Breaches

Information Management Online, December 28, 2005

Information Management Editorial Staff

A poll released by Protegrity Corporation, a provider of data security management solutions, found that Payment Card Industry Data Security Standard (PCI) compliance is severely lagging at merchants of all levels despite a growing Internet fraud rate.

During a recent Protegrity webcast on "Accelerating PCI Compliance: Real World Experiences and Strategies" featuring Intuit, respondents were asked about the status of their PCI compliance efforts. Of those, 45 percent said they are in the very early stages of the compliance process, while 19 percent said they have not passed their initial assessment. Only 3 percent said they have passed an assessment.


According to the 7th Annual CyberSource Fraud survey, dollar losses from e-commerce fraud continued to mount for merchants. In 2005, total losses to online fraud will exceed $2.8 billion, up from $2.6 billion in 2004, with large and midsize merchants finding the issue most difficult to address.

To meet the PCI standards, merchants of all sizes are required to:

1. Install and maintain a firewall configuration to protect data.

2. Do not use vendor-supplied defaults for system passwords and other security parameters.

3. Protect stored data.

4. Encrypt transmission of cardholder data and sensitive information across public networks.

5. Use and regularly update anti-virus software.

6. Develop and maintain secure systems and applications.

7. Restrict access to data by business need-to-know.

8. Assign a unique ID to each person with computer access.

9. Restrict physical access to cardholder data.

10. Track and monitor all access to network resources and cardholder data.

11. Regularly test security systems and processes.

12. Maintain a policy that addresses information security.

Merchants and providers who do not comply may receive fines and/or face restrictions or, in severe cases, be prohibited from accepting credit cards.

In a follow-up poll question, respondents were asked how PCI compliance compares with other regulations in terms of 2006 compliance projects. Of the respondents, 24 percent said PCI is one of their most important projects, 25 percent said PCI is about as important as SOX, 25 percent said all compliance projects are of equal importance, 15 percent said PCI ranks behind both federal and state privacy and disclosure laws in importance, and 8 percent said PCI is just barely on their radar screen.

This piece is brought to you by the Information Management editorial staff.
